I just started to learn this and wonder which method is better.
1. Joining VCSA SSO to AD via Active Directory (Integrated Windows Authentication): will require a reboot (need to reboot all VCSAs in a cluster?), only join to one AD, AD trust to consider, should join to the root of the forest.
2. Joining VCSA via AD over LDAP: no reboot, join to multiple ADs, any AD trust to consider? Does this mean a workstation joined to a domain can’t just use SSO (like, must provide account and password all the time)?
Extracted from the above link:
“Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Client.”
Does this mean this is included mainly to be compatible with vCenter SSO in vSphere 5.1, and that we should use Active Directory (Integrated Windows Authentication) instead if there isn’t vSphere 5.1 around?
If so, why? Because it is easier?